TechSpot

Trojan Horse Generic Various - How To Remove!

Solved
By vekky
Jun 7, 2013
  1. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Yes. I am using another computer for this post
     
  2. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013
    Ran by SYSTEM on 09-06-2013 12:32:20
    Running from E:\
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM-x32\...\RunOnce: [OTL] "C:\Users\Vivek\Desktop\OTL.exe" [602112 2013-06-09] (OldTimer Tools)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
    Startup: C:\Users\Vivek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

    ==================== Services (Whitelisted) =================

    S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
    S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-25] (AVG Technologies CZ, s.r.o.)
    S1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248120 2013-03-20] (AVG Technologies CZ, s.r.o.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-13] (Cisco Systems, Inc.)
    S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-09 03:46 - 2013-06-09 03:46 - 00000000 ____D C:\_OTL
    2013-06-09 03:17 - 2013-06-09 03:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
    2013-06-09 03:17 - 2013-06-09 03:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
    2013-06-09 03:14 - 2013-06-09 03:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
    2013-06-09 03:08 - 2013-06-09 03:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
    2013-06-09 03:07 - 2013-06-09 03:07 - 00000000 ____D C:\Windows\ERUNT
    2013-06-09 03:06 - 2013-06-09 03:07 - 00000000 ____D C:\JRT
    2013-06-09 03:06 - 2013-06-09 03:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
    2013-06-09 03:02 - 2013-06-09 03:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
    2013-06-09 03:00 - 2013-06-09 03:01 - 00001071 ____A C:\AdwCleaner[S1].txt
    2013-06-09 02:58 - 2013-06-09 02:59 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
    2013-06-08 04:58 - 2013-06-08 04:11 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
    2013-06-08 04:58 - 2013-06-08 04:11 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
    2013-06-08 04:58 - 2013-06-08 04:07 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
    2013-06-08 04:10 - 2013-06-08 04:59 - 00000000 ____D C:\FRST
    2013-06-08 03:15 - 2013-06-08 03:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-08 03:02 - 2013-06-08 04:13 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
    2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 02:26 - 2013-04-04 06:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-06-08 02:23 - 2013-06-08 02:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-08 02:23 - 2013-06-08 02:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
    2013-06-07 10:21 - 2013-06-08 10:22 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-04 01:01 - 2013-06-04 01:01 - 00000000 ____D C:\ProgramData\Macrovision
    2013-06-02 13:29 - 2013-04-09 05:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2013-06-02 13:29 - 2013-04-09 05:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2013-06-02 13:29 - 2013-04-09 05:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2013-06-02 13:29 - 2013-04-09 05:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
    2013-06-02 13:29 - 2013-04-09 05:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
    2013-06-02 13:29 - 2013-04-09 05:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
    2013-06-02 13:29 - 2013-04-09 05:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
    2013-06-02 13:29 - 2013-04-09 05:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-06-02 13:29 - 2013-04-09 04:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2013-06-02 13:29 - 2013-04-09 04:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
    2013-06-02 13:29 - 2013-04-09 04:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2013-06-02 13:29 - 2013-04-09 04:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2013-06-02 13:29 - 2013-04-09 04:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
    2013-06-02 13:29 - 2013-04-09 04:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-06-02 13:29 - 2013-04-09 04:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-06-02 13:29 - 2013-04-09 04:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2013-06-02 13:29 - 2013-04-09 04:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
    2013-06-02 13:29 - 2013-04-09 04:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
    2013-06-02 13:29 - 2013-04-09 04:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-06-02 13:29 - 2013-04-09 04:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2013-06-02 13:29 - 2013-04-09 04:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
    2013-06-02 13:29 - 2013-04-09 04:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
    2013-06-02 13:29 - 2013-04-09 02:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-06-02 13:29 - 2013-04-09 02:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
    2013-06-02 13:29 - 2013-04-09 02:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
    2013-06-02 13:29 - 2013-04-09 02:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
    2013-06-02 13:29 - 2013-04-09 02:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-06-02 13:29 - 2013-04-09 02:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
    2013-06-02 13:29 - 2013-04-09 02:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2013-06-02 13:29 - 2013-04-09 02:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-06-02 13:29 - 2013-04-09 02:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
    2013-06-02 13:29 - 2013-04-08 23:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2013-06-02 13:29 - 2013-04-08 23:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-06-02 13:29 - 2013-04-08 23:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2013-06-02 13:29 - 2013-04-08 23:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2013-06-02 13:29 - 2013-04-08 21:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-06-02 13:29 - 2013-04-08 21:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2013-06-02 13:29 - 2013-04-08 21:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-06-02 13:29 - 2013-04-08 21:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2013-06-02 13:29 - 2013-04-08 21:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2013-06-02 13:29 - 2013-04-08 21:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2013-06-02 13:29 - 2013-04-08 21:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
    2013-06-02 13:29 - 2013-04-08 21:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2013-06-02 13:29 - 2013-04-08 21:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2013-06-02 13:29 - 2013-04-04 23:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
    2013-06-02 13:29 - 2013-04-02 22:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
    2013-06-02 13:29 - 2013-03-30 18:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2013-06-02 13:29 - 2013-03-30 18:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2013-06-02 13:29 - 2013-03-28 22:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2013-06-02 13:29 - 2013-03-28 22:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2013-06-02 13:29 - 2013-03-15 22:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
    2013-06-02 13:29 - 2013-03-15 22:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
    2013-06-02 13:29 - 2012-12-13 04:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-06-02 13:29 - 2012-12-13 03:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-05-18 09:05 - 2013-06-05 14:54 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
    2013-05-17 04:52 - 2013-04-09 23:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-17 04:52 - 2013-04-09 23:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-17 04:52 - 2013-04-09 23:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-17 04:52 - 2013-04-09 23:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
    2013-05-17 04:52 - 2013-04-09 23:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-17 04:52 - 2013-04-09 23:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-17 04:52 - 2013-04-09 23:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-17 04:52 - 2013-04-09 23:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-17 04:52 - 2013-04-09 23:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-17 04:52 - 2013-04-09 23:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-17 04:52 - 2013-04-09 22:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-17 04:52 - 2013-04-09 22:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-17 04:52 - 2013-04-09 22:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-17 04:52 - 2013-04-09 22:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-17 04:52 - 2013-04-09 22:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-17 04:52 - 2013-04-09 22:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-17 04:52 - 2013-04-09 22:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-17 04:52 - 2013-04-09 22:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-17 04:52 - 2013-02-12 01:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2013-05-17 04:52 - 2013-02-12 00:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
    2013-05-17 04:51 - 2013-04-16 02:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-17 04:51 - 2013-04-11 06:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-17 04:51 - 2013-03-22 03:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2013-05-17 04:51 - 2013-03-21 22:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2013-05-17 04:51 - 2013-03-15 00:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
    2013-05-17 04:51 - 2013-03-06 07:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-17 04:51 - 2013-03-06 06:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-17 04:51 - 2013-03-06 06:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-17 04:51 - 2013-03-06 06:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-17 04:51 - 2013-03-06 05:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-17 04:51 - 2013-03-06 05:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-17 04:49 - 2013-05-17 04:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2013-05-16 12:55 - 2013-05-16 12:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
    2013-05-11 03:29 - 2013-05-11 03:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
    2013-05-11 03:28 - 2013-06-08 10:22 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-05-11 03:28 - 2013-05-11 03:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2013-05-11 03:23 - 2013-06-08 10:22 - 00000000 ____D C:\ProgramData\Adobe
    2013-05-10 17:37 - 2013-05-10 17:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
    2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== One Month Modified Files and Folders =======

    2013-06-09 04:28 - 2012-07-26 07:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-09 04:26 - 2012-07-26 07:21 - 00018914 ____A C:\Windows\setupact.log
    2013-06-09 04:23 - 2012-07-25 17:10 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-09 04:16 - 2013-04-20 07:06 - 01322167 ____A C:\Windows\WindowsUpdate.log
    2013-06-09 04:00 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\sru
    2013-06-09 03:54 - 2012-07-26 07:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-09 03:47 - 2012-07-26 05:26 - 00524288 __ASH C:\Windows\System32\config\BBI
    2013-06-09 03:46 - 2013-06-09 03:46 - 00000000 ____D C:\_OTL
    2013-06-09 03:22 - 2013-04-20 07:44 - 00000000 ____D C:\Users\Vivek\AppData\Local\Avg2013
    2013-06-09 03:22 - 2013-04-20 07:44 - 00000000 ____D C:\ProgramData\MFAData
    2013-06-09 03:17 - 2013-06-09 03:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
    2013-06-09 03:17 - 2013-06-09 03:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
    2013-06-09 03:14 - 2013-06-09 03:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
    2013-06-09 03:08 - 2013-06-09 03:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
    2013-06-09 03:07 - 2013-06-09 03:07 - 00000000 ____D C:\Windows\ERUNT
    2013-06-09 03:07 - 2013-06-09 03:06 - 00000000 ____D C:\JRT
    2013-06-09 03:06 - 2013-06-09 03:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
    2013-06-09 03:02 - 2013-06-09 03:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
    2013-06-09 03:01 - 2013-06-09 03:00 - 00001071 ____A C:\AdwCleaner[S1].txt
    2013-06-09 03:01 - 2012-07-25 17:10 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-09 03:01 - 2012-07-25 16:46 - 01342768 ____A C:\Windows\PFRO.log
    2013-06-09 02:59 - 2013-06-09 02:58 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
    2013-06-08 10:22 - 2013-06-07 10:21 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-08 10:22 - 2013-05-11 03:28 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-06-08 10:22 - 2013-05-11 03:23 - 00000000 ____D C:\ProgramData\Adobe
    2013-06-08 10:22 - 2013-05-07 04:23 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\ICAClient
    2013-06-08 10:22 - 2013-05-07 04:22 - 00000000 ____D C:\Users\Vivek\AppData\Local\Citrix
    2013-06-08 10:22 - 2013-05-07 04:22 - 00000000 ____D C:\ProgramData\Citrix
    2013-06-08 10:22 - 2013-05-07 04:22 - 00000000 ____D C:\Program Files (x86)\Citrix
    2013-06-08 10:22 - 2013-05-07 04:17 - 00000000 ____D C:\Program Files (x86)\Cisco
    2013-06-08 10:22 - 2013-05-07 04:16 - 00000000 ____D C:\Program Files (x86)\Java
    2013-06-08 10:22 - 2013-04-21 05:31 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\vlc
    2013-06-08 10:22 - 2013-04-21 05:11 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-08 10:22 - 2013-04-21 04:52 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\uTorrent
    2013-06-08 10:22 - 2013-04-20 07:10 - 00000000 ____D C:\Users\Vivek\AppData\Local\Google
    2013-06-08 10:22 - 2013-04-20 07:06 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Adobe
    2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\registration
    2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files\Windows Defender
    2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-06-08 10:22 - 2012-07-26 05:37 - 00000000 ____D C:\Windows\servicing
    2013-06-08 08:24 - 2012-07-25 17:10 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-08 04:59 - 2013-06-08 04:10 - 00000000 ____D C:\FRST
    2013-06-08 04:13 - 2013-06-08 03:02 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
    2013-06-08 04:11 - 2013-06-08 04:58 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
    2013-06-08 04:11 - 2013-06-08 04:58 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
    2013-06-08 04:07 - 2013-06-08 04:58 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
    2013-06-08 03:20 - 2013-06-08 03:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 02:23 - 2013-06-08 02:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-08 02:23 - 2013-06-08 02:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
    2013-06-08 02:23 - 2013-05-06 17:46 - 380871978 ____A C:\Windows\MEMORY.DMP
    2013-06-08 02:23 - 2013-05-06 17:46 - 00000000 ____D C:\Windows\Minidump
    2013-06-08 02:23 - 2013-04-20 07:06 - 00000000 ____D C:\users\Vivek
    2013-06-05 14:54 - 2013-05-18 09:05 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
    2013-06-04 08:14 - 2013-04-21 10:21 - 00000000 ____D C:\Users\Vivek\Documents\Outlook Files
    2013-06-04 01:04 - 2013-04-20 07:06 - 00000000 ____D C:\Users\Vivek\AppData\Local\VirtualStore
    2013-06-04 01:01 - 2013-06-04 01:01 - 00000000 ____D C:\ProgramData\Macrovision
    2013-06-04 01:00 - 2012-07-25 17:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-06-04 00:56 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
    2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData
    2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
    2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
    2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\en-GB
    2013-06-02 16:12 - 2013-04-20 07:50 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-06-02 16:12 - 2012-07-26 05:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
    2013-06-02 13:37 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2013-05-17 05:33 - 2013-04-21 07:21 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-17 04:49 - 2013-05-17 04:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2013-05-17 04:49 - 2013-04-21 05:11 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Apple Computer
    2013-05-16 12:55 - 2013-05-16 12:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
    2013-05-11 03:29 - 2013-05-11 03:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
    2013-05-11 03:28 - 2013-05-11 03:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2013-05-10 17:37 - 2013-05-10 17:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
    2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-05-14 06:22:24
    Restore point made on: 2013-06-02 16:20:50
    Restore point made on: 2013-06-04 01:01:04

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8141.93 MB
    Available physical RAM: 7321.66 MB
    Total Pagefile: 8141.93 MB
    Available Pagefile: 7325.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.45 GB) (Free:65.55 GB) NTFS (Disk=0 Partition=2)
    Drive d: (VivekStorage) (Fixed) (Total:931.51 GB) (Free:889.84 GB) NTFS (Disk=1 Partition=1)
    Drive e: (Vivek) (Removable) (Total:0.94 GB) (Free:0.94 GB) exFAT (Disk=2 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.1 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: F20632BD)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 02E24DA9)
    Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 963 MB) (Disk ID: 509AB85B)
    Partition 1: (Active) - (Size=962 MB) - (Type=07 NTFS)


    LastRegBack: 2013-06-02 16:20

    ==================== End Of Log ============================
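Reading an FRST log by hand means checking the same few things every time: that every core binary in the "Bamital & volsnap Check" came back "MD5 is legit", that the .exe association values are still "OK", which loaded processes, services and drivers carry an empty publisher string (FRST prints "()" for those), and which recently created executables sit in folders any user can write to. The Python script below is an added example that automates that first pass over a log in the format shown above; it is not part of FRST and was not posted in this thread. The section names, line layouts and the "MD5 is legit" / "=> OK" verdict strings come from the log above; the user-writable-path rule, the finding categories and the constructed sample log (including the invented `sample.exe` entry) are assumptions of this example. A hit is a reason to look closer, not a verdict: plenty of legitimate vendor tools ship unsigned.

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST.txt) log.

Added example, not FRST code and not posted in this thread. Every rule is an
assumption noted in a comment; a hit means "look closer", not "malicious".
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")       # "==== Name ===="
PROC_RE = re.compile(r"^\(([^)]*)\)\s+(\S.*)$")     # "(Publisher) C:\path.exe"
SVC_RE = re.compile(r"^[RS]\d\s+\S+?;\s+(.+?)\s+\[\d+ [\d-]+\]\s+\(([^)]*)\)$")
FILE_RE = re.compile(  # "created - modified - size attrs [(Publisher)] path"
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (\S{5})\s+(?:\(([^)]*)\)\s+)?(.+)$"
)
# Assumption: an unsigned executable under a path any user can write to is worth a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
LIST_SECTIONS = ("Processes (Whitelisted)", "Services (Whitelisted)", "Drivers (Whitelisted)")
FILE_SECTIONS = ("One Month Created Files and Folders", "One Month Modified Files and Folders")


def split_sections(text):
    """Return {section name: [stripped non-empty lines]}; bare '=====' rulers are ignored."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).strip("= ")
            if name:
                current = name
                sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return an ordered, de-duplicated list of (category, detail) findings."""
    sec, found = split_sections(text), []

    def add(cat, detail):
        if (cat, detail) not in found:
            found.append((cat, detail))

    # FRST hashes a fixed set of core binaries against known-good MD5s; only the
    # exact good verdict is trusted (the wording of a bad verdict is not assumed).
    for line in sec.get("Bamital & volsnap Check", []):
        path, _, verdict = line.partition(" => ")
        if verdict != "MD5 is legit":
            add("core-binary-hash", f"{path}: {verdict or 'no verdict'}")

    # .exe handler hijack: FRST prints "=> OK" for each default value.
    for line in sec.get("EXE ASSOCIATION", []):
        if not line.endswith(" => OK"):
            add("exe-association", line)

    # Loaded code whose publisher/signer string is empty ("()").
    for name in LIST_SECTIONS:
        for line in sec.get(name, []):
            if m := PROC_RE.match(line):
                publisher, path = m.groups()
            elif m := SVC_RE.match(line):
                path, publisher = m.groups()
            else:
                continue
            if not publisher.strip():
                add("unknown-publisher", path)

    # Recently created/modified unsigned executables in user-writable locations.
    for name in FILE_SECTIONS:
        for line in sec.get(name, []):
            m = FILE_RE.match(line)
            if not m or "D" in m.group(1):  # "D" in the attribute flags marks a directory
                continue
            publisher, path = m.group(2) or "", m.group(3)
            if path.lower().endswith(EXEC_EXT) and USER_WRITABLE_RE.search(path) and not publisher:
                add("unsigned-exe-in-user-path", path)
    return found


# Constructed sample in the format above; the sample.exe entry is invented to exercise the last rule.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
==================== Services (Whitelisted) =================
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== One Month Created Files and Folders ========
2013-06-08 10:26 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-09 11:06 - 2013-06-09 11:07 - 00000000 ____D C:\JRT
2013-06-07 03:12 - 2013-06-07 03:12 - 00182784 ____A C:\Users\Example\AppData\Roaming\sample.exe
==================== End Of Log ============================
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:26} {detail}")
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The process and service lines in the sample are modelled on lines from this thread's logs, and the same file shows up twice there (once as a process, once as a service); the de-duplication in `add` keeps it to one finding. Anything FRST writes for a failed hash check that is not the exact string "MD5 is legit" is reported, so the script does not depend on knowing that wording.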
     
  4. vekky

    vekky TS Rookie Topic Starter Posts: 34

    FYI,

    In the recovery mode, it prompted me for my administrator password. This password is the same and it accepted it with no issues.

    It just doesn't accept it to log into Windows using this whole Windows Live account business. I should look into just having a local account to log into Windows when we overcome our issue on hand.

    Thanks once again
     
  5. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    See if you can boot normally.

    If you do, re-run regular FRST, which you should have on your Desktop (instructions in my post #11).
     

  6. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Success, your instructions worked. Thank You.

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-06-2013
    Ran by SYSTEM at 2013-06-09 12:49:33 Run:2
    Running from E:\
    Boot Mode: Recovery
    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  7. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Re run of Scan

    Frst.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013
    Ran by Vivek (administrator) on 09-06-2013 12:50:50
    Running from F:\
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    (Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
    (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)
    HKCU\...\Policies\system: [DisableRegistryTools] 0
    HKCU\...\Policies\system: [DisableTaskMgr] 0
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-19] (Adobe Systems Incorporated)
    Startup: C:\Users\Vivek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
    CHR Plugin: (Norton Confidential) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Extension: (YouTube) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (AdBlock) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
    CHR Extension: (Gmail) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
    S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248120 2013-03-21] (AVG Technologies CZ, s.r.o.)
    R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
    S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-13] (Cisco Systems, Inc.)
    S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-09 20:49 - 2013-06-09 20:49 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-06-09 11:46 - 2013-06-09 11:46 - 00000000 ____D C:\_OTL
    2013-06-09 11:17 - 2013-06-09 11:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
    2013-06-09 11:17 - 2013-06-09 11:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
    2013-06-09 11:14 - 2013-06-09 11:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
    2013-06-09 11:08 - 2013-06-09 11:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
    2013-06-09 11:07 - 2013-06-09 11:07 - 00000000 ____D C:\Windows\ERUNT
    2013-06-09 11:06 - 2013-06-09 11:07 - 00000000 ____D C:\JRT
    2013-06-09 11:06 - 2013-06-09 11:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
    2013-06-09 11:02 - 2013-06-09 11:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
    2013-06-09 11:00 - 2013-06-09 11:01 - 00001071 ____A C:\AdwCleaner[S1].txt
    2013-06-09 10:58 - 2013-06-09 10:59 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
    2013-06-08 12:58 - 2013-06-08 12:11 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
    2013-06-08 12:58 - 2013-06-08 12:11 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
    2013-06-08 12:58 - 2013-06-08 12:07 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
    2013-06-08 12:10 - 2013-06-08 12:59 - 00000000 ____D C:\FRST
    2013-06-08 11:15 - 2013-06-08 11:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-08 11:02 - 2013-06-08 12:13 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 10:26 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-06-08 10:23 - 2013-06-08 10:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-08 10:23 - 2013-06-08 10:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
    2013-06-07 18:21 - 2013-06-08 18:22 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-04 09:01 - 2013-06-04 09:01 - 00000000 ____D C:\ProgramData\Macrovision
    2013-06-02 21:29 - 2013-04-09 13:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2013-06-02 21:29 - 2013-04-09 13:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2013-06-02 21:29 - 2013-04-09 13:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2013-06-02 21:29 - 2013-04-09 13:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
    2013-06-02 21:29 - 2013-04-09 13:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
    2013-06-02 21:29 - 2013-04-09 13:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
    2013-06-02 21:29 - 2013-04-09 13:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
    2013-06-02 21:29 - 2013-04-09 13:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-06-02 21:29 - 2013-04-09 12:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
    2013-06-02 21:29 - 2013-04-09 12:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-06-02 21:29 - 2013-04-09 12:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
    2013-06-02 21:29 - 2013-04-09 12:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-06-02 21:29 - 2013-04-09 12:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2013-06-02 21:29 - 2013-04-09 12:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
    2013-06-02 21:29 - 2013-04-09 12:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
    2013-06-02 21:29 - 2013-04-09 10:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-06-02 21:29 - 2013-04-09 10:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
    2013-06-02 21:29 - 2013-04-09 10:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
    2013-06-02 21:29 - 2013-04-09 10:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
    2013-06-02 21:29 - 2013-04-09 10:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-06-02 21:29 - 2013-04-09 10:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
    2013-06-02 21:29 - 2013-04-09 10:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2013-06-02 21:29 - 2013-04-09 10:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-06-02 21:29 - 2013-04-09 10:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
    2013-06-02 21:29 - 2013-04-09 07:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2013-06-02 21:29 - 2013-04-09 07:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-06-02 21:29 - 2013-04-09 07:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2013-06-02 21:29 - 2013-04-09 07:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2013-06-02 21:29 - 2013-04-09 05:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-06-02 21:29 - 2013-04-09 05:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2013-06-02 21:29 - 2013-04-09 05:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-06-02 21:29 - 2013-04-09 05:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2013-06-02 21:29 - 2013-04-09 05:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2013-06-02 21:29 - 2013-04-09 05:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2013-06-02 21:29 - 2013-04-09 05:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
    2013-06-02 21:29 - 2013-04-09 05:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2013-06-02 21:29 - 2013-04-05 07:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
    2013-06-02 21:29 - 2013-04-03 06:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
    2013-06-02 21:29 - 2013-03-31 02:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2013-06-02 21:29 - 2013-03-31 02:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2013-06-02 21:29 - 2013-03-29 06:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2013-06-02 21:29 - 2013-03-29 06:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2013-06-02 21:29 - 2013-03-16 06:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
    2013-06-02 21:29 - 2013-03-16 06:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
    2013-06-02 21:29 - 2012-12-13 12:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-06-02 21:29 - 2012-12-13 11:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-05-18 17:05 - 2013-06-05 22:54 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
    2013-05-17 12:52 - 2013-04-10 07:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-17 12:52 - 2013-04-10 07:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-17 12:52 - 2013-04-10 07:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-17 12:52 - 2013-04-10 07:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-17 12:52 - 2013-04-10 07:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-17 12:52 - 2013-04-10 06:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-17 12:52 - 2013-04-10 06:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-17 12:52 - 2013-02-12 09:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2013-05-17 12:52 - 2013-02-12 08:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
    2013-05-17 12:51 - 2013-04-16 10:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-17 12:51 - 2013-04-11 14:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-17 12:51 - 2013-03-22 11:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2013-05-17 12:51 - 2013-03-22 06:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2013-05-17 12:51 - 2013-03-15 08:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
    2013-05-17 12:51 - 2013-03-06 15:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-17 12:51 - 2013-03-06 14:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-17 12:51 - 2013-03-06 14:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-17 12:51 - 2013-03-06 14:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-17 12:51 - 2013-03-06 13:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-17 12:51 - 2013-03-06 13:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-17 12:49 - 2013-05-17 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2013-05-16 20:55 - 2013-05-16 20:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
    2013-05-11 11:29 - 2013-05-11 11:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
    2013-05-11 11:28 - 2013-06-08 18:22 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-05-11 11:28 - 2013-05-11 11:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2013-05-11 11:23 - 2013-06-08 18:22 - 00000000 ____D C:\ProgramData\Adobe
    2013-05-11 01:37 - 2013-05-11 01:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== One Month Modified Files and Folders =======

    2013-06-09 20:49 - 2013-06-09 20:49 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-06-09 12:50 - 2012-07-26 15:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-09 12:50 - 2012-07-26 01:10 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-09 12:26 - 2012-07-26 15:21 - 00018914 ____A C:\Windows\setupact.log
    2013-06-09 12:23 - 2012-07-26 01:10 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-09 12:16 - 2013-04-20 15:06 - 01322167 ____A C:\Windows\WindowsUpdate.log
    2013-06-09 12:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\sru
    2013-06-09 11:54 - 2012-07-26 15:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-09 11:47 - 2012-07-26 13:26 - 00524288 __ASH C:\Windows\System32\config\BBI
    2013-06-09 11:46 - 2013-06-09 11:46 - 00000000 ____D C:\_OTL
    2013-06-09 11:22 - 2013-04-20 15:44 - 00000000 ____D C:\Users\Vivek\AppData\Local\Avg2013
    2013-06-09 11:22 - 2013-04-20 15:44 - 00000000 ____D C:\ProgramData\MFAData
    2013-06-09 11:17 - 2013-06-09 11:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
    2013-06-09 11:17 - 2013-06-09 11:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
    2013-06-09 11:14 - 2013-06-09 11:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
    2013-06-09 11:08 - 2013-06-09 11:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
    2013-06-09 11:07 - 2013-06-09 11:07 - 00000000 ____D C:\Windows\ERUNT
    2013-06-09 11:07 - 2013-06-09 11:06 - 00000000 ____D C:\JRT
    2013-06-09 11:06 - 2013-06-09 11:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
    2013-06-09 11:02 - 2013-06-09 11:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
    2013-06-09 11:01 - 2013-06-09 11:00 - 00001071 ____A C:\AdwCleaner[S1].txt
    2013-06-09 11:01 - 2012-07-26 00:46 - 01342768 ____A C:\Windows\PFRO.log
    2013-06-09 10:59 - 2013-06-09 10:58 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
    2013-06-08 18:22 - 2013-06-07 18:21 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-08 18:22 - 2013-05-11 11:28 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-06-08 18:22 - 2013-05-11 11:23 - 00000000 ____D C:\ProgramData\Adobe
    2013-06-08 18:22 - 2013-05-07 12:23 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\ICAClient
    2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\Users\Vivek\AppData\Local\Citrix
    2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\ProgramData\Citrix
    2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\Program Files (x86)\Citrix
    2013-06-08 18:22 - 2013-05-07 12:17 - 00000000 ____D C:\Program Files (x86)\Cisco
    2013-06-08 18:22 - 2013-05-07 12:16 - 00000000 ____D C:\Program Files (x86)\Java
    2013-06-08 18:22 - 2013-04-21 13:31 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\vlc
    2013-06-08 18:22 - 2013-04-21 13:11 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-08 18:22 - 2013-04-21 12:52 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\uTorrent
    2013-06-08 18:22 - 2013-04-20 15:10 - 00000000 ____D C:\Users\Vivek\AppData\Local\Google
    2013-06-08 18:22 - 2013-04-20 15:06 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Adobe
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\registration
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Defender
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-06-08 18:22 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\servicing
    2013-06-08 16:24 - 2012-07-26 01:10 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-08 12:59 - 2013-06-08 12:10 - 00000000 ____D C:\FRST
    2013-06-08 12:13 - 2013-06-08 11:02 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
    2013-06-08 12:11 - 2013-06-08 12:58 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
    2013-06-08 12:11 - 2013-06-08 12:58 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
    2013-06-08 12:07 - 2013-06-08 12:58 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
    2013-06-08 11:20 - 2013-06-08 11:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 10:23 - 2013-06-08 10:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-08 10:23 - 2013-06-08 10:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
    2013-06-08 10:23 - 2013-05-07 01:46 - 380871978 ____A C:\Windows\MEMORY.DMP
    2013-06-08 10:23 - 2013-05-07 01:46 - 00000000 ____D C:\Windows\Minidump
    2013-06-08 10:23 - 2013-04-20 15:06 - 00000000 ____D C:\users\Vivek
    2013-06-05 22:54 - 2013-05-18 17:05 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
    2013-06-04 16:14 - 2013-04-21 18:21 - 00000000 ____D C:\Users\Vivek\Documents\Outlook Files
    2013-06-04 09:04 - 2013-04-20 15:06 - 00000000 ____D C:\Users\Vivek\AppData\Local\VirtualStore
    2013-06-04 09:01 - 2013-06-04 09:01 - 00000000 ____D C:\ProgramData\Macrovision
    2013-06-04 09:00 - 2012-07-26 01:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-06-04 08:56 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\rescache
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ToastData
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\en-GB
    2013-06-03 00:12 - 2013-04-20 15:50 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-06-03 00:12 - 2012-07-26 13:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
    2013-06-02 21:37 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2013-05-17 13:33 - 2013-04-21 15:21 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-17 12:49 - 2013-05-17 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2013-05-17 12:49 - 2013-04-21 13:11 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Apple Computer
    2013-05-16 20:55 - 2013-05-16 20:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
    2013-05-11 11:29 - 2013-05-11 11:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
    2013-05-11 11:28 - 2013-05-11 11:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2013-05-11 01:37 - 2013-05-11 01:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-06-03 00:20

    ==================== End Of Log ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Very good :)

    Please re-run MBAM, RogueKiller and MBAR (in that order).
     
  9. vekky

    vekky TS Rookie Topic Starter Posts: 34

    MBAM Log

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.07.10

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16580
    Vivek :: VIVEKDESKTOP [administrator]

    Protection: Disabled

    9/06/2013 12:57:50 PM
    mbam-log-2013-06-09 (12-57-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211675
    Time elapsed: 1 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. vekky

    vekky TS Rookie Topic Starter Posts: 34

    RogueKiller Log

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Vivek [Admin rights]
    Mode : Remove -- Date : 06/09/2013 13:01:53
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
    --- User ---
    [MBR] 4b54ccd594ac755973a297ef29013769
    [BSP] bdb89f7a832e32e143bfd97417e0a99b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST1000DM003-1CH162 +++++
    --- User ---
    [MBR] f4f2ba52264772206c3d7a60c5cab9d4
    [BSP] bc5903bd79df211ff7449cf8503ec114 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: USB 2.0 Flash Drive USB Device +++++
    --- User ---
    [MBR] ea5847b14abd1d47895cb72e10dc4b49
    [BSP] 5fcd8e5f3be24752631b410508e92be7 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2552 | Size: 961 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_06092013_02d1301.txt >>
    RKreport[1]_S_06092013_02d1300.txt ; RKreport[2]_D_06092013_02d1301.txt
     
  11. vekky

    vekky TS Rookie Topic Starter Posts: 34

    MBAR Log

    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.08.06

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16580
    Vivek :: VIVEKDESKTOP [administrator]

    9/06/2013 1:03:55 PM
    -log-2013-06-09 (13-03-55).txt

    Scan type: Quick scan
    Scan options enabled: PUM | P2P
    Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUP
    Objects scanned: 0
    Time elapsed:

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
     
  12. vekky

    vekky TS Rookie Topic Starter Posts: 34

    System Log - I pasted from today's log, as it seems that the file has all the logs. I searched by date.

    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16580

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 3.410000 GHz
    Memory total: 8537436160, free: 6368460800

    Downloaded database version: v2013.06.08.01
    Downloaded database version: v2013.06.08.02
    Downloaded database version: v2013.06.08.03
    Downloaded database version: v2013.06.08.04
    Downloaded database version: v2013.06.08.05
    Downloaded database version: v2013.06.08.06
    Initializing...
    ------------ Kernel report ------------
    06/09/2013 13:03:53
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\avgwfpa.sys
    \SystemRoot\system32\DRIVERS\avgfwd6a.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ctxusbm.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\System32\drivers\USBXHCI.SYS
    \SystemRoot\System32\drivers\ucx01000.sys
    \SystemRoot\System32\drivers\HECIx64.sys
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\System32\drivers\serial.sys
    \SystemRoot\System32\drivers\serenum.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\drivers\UsbHub3.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\drivers\USBSTOR.SYS
    \SystemRoot\System32\Drivers\exfat.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\drivers\dc3d.sys
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\kbdhid.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\drivers\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\condrv.sys
    \??\C:\Windows\system32\drivers\IOMap64.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800a8c1060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000049\
    Lower Device Object: 0xfffffa800a8c5b00
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8008d10060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000003c\
    Lower Device Object: 0xfffffa8006dd6060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8008d11060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000003b\
    Lower Device Object: 0xfffffa8006dd8060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8008d11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008d11b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008d11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8006dfe400, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8006dd8060, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F20632BD

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848 Numsec = 233719808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8008d10060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008d10b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008d10060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8006b8de40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8006dd6060, DeviceName: \Device\0000003c\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2E24DA9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa800a8c1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a8c2640, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800a8c1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa800a8c5b00, DeviceName: \Device\00000049\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 509AB85B

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2552 Numsec = 1969672
    Partition file system is exFAT
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1009778688 bytes
    Sector size: 512 bytes

    Done!
    Read File: File "c:\programdata\avg2013\chjw\b03890d938909fc0.dat:86e26470-da5e-4535-9a1c-5c005a007668" is sparse (flags = 32768)
    Read File: File "c:\programdata\avg2013\chjw\b03890d938909fc0.dat:d581b65a-11ae-4862-8659-b902571c171d" is sparse (flags = 32768)
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_2_0_2552_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
    Removal finished
     
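The Anti-Rootkit log above walks the MBR of every drive: the 55AA signature, the disk signature, and for each of the four table entries the type, active flag, start LBA and sector count. As an added example (not from the thread or from Malwarebytes), here is a Python parser over a constructed 512-byte sector that reproduces the values the log reports for drive 2 and applies the consistency checks a reader of such a log cares about; the disk signature, LBA, sector count and disk size are taken from the posted log, everything else is assumed.

```python
# Added example (not from the thread or from Malwarebytes): parse a 512-byte MBR
# the way the Anti-Rootkit log reports it, then sanity-check the partition table.
import struct

MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511; the log prints this as "55AA"
TABLE_OFFSET = 446            # four 16-byte partition entries follow the boot code
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA, count

def parse_mbr(sector: bytes) -> dict:
    """Return the disk signature and the four partition entries; raise on a bad sector."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:] != MBR_SIGNATURE:
        raise ValueError(f"bad MBR signature {sector[510:].hex().upper()}")
    disk_sig = struct.unpack_from("<I", sector, 440)[0]   # the log's "Disk Signature"
    parts = []
    for i in range(4):
        status, ptype, lba, num = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "num_sectors": num})
    return {"disk_signature": disk_sig, "partitions": parts}

def check_partition_table(mbr: dict, disk_sectors: int) -> list:
    """Flag partition-table inconsistencies that deserve a closer look."""
    findings = []
    if sum(p["active"] for p in mbr["partitions"]) > 1:
        findings.append("more than one partition flagged active")
    for p in mbr["partitions"]:
        end = p["lba_start"] + p["num_sectors"]
        if p["type"] == 0 and end:
            findings.append(f"partition {p['index']} is type Empty but has geometry")
        if p["type"] and end > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    return findings

def build_sample_mbr() -> bytes:
    """Constructed sector reproducing drive 2 from the posted log: disk signature
    509AB85B, one active type-0x7 partition at LBA 2552 spanning 1969672 sectors."""
    sector = bytearray(512)
    struct.pack_into("<I", sector, 440, 0x509AB85B)
    struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET, 0x80, 0x07, 2552, 1969672)
    sector[510:] = MBR_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print(f"Disk Signature: {mbr['disk_signature']:X}", mbr["partitions"])
    print(check_partition_table(mbr, 1009778688 // 512))   # disk size from the log -> []
```

For the posted drive 2 the single partition ends exactly at the last sector of the 1009778688-byte disk, so the checks return nothing; the same checks speak up when a second entry is marked active or an entry runs past the end of the disk.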
  13. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Very good :)

    It's bed time here so this is going to be my last reply for tonight.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  14. vekky

    vekky TS Rookie Topic Starter Posts: 34

    No worries, I will follow the steps. Thank you for your help. Speak tomorrow
     
  15. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Checkup.txt

    Results of screen317's Security Check version 0.99.64
    x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Internet Security 2013
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 21
    Adobe Reader XI
    Google Chrome 27.0.1453.110
    Google Chrome 27.0.1453.94
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  16. vekky

    vekky TS Rookie Topic Starter Posts: 34

    FSS Log

    Farbar Service Scanner Version: 31-05-2013 01
    Ran by Vivek (administrator) on 09-06-2013 at 13:21:12
    Running from "C:\Users\Vivek\Desktop"
    Windows 8 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-04-21 15:18] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll
    [2013-06-02 21:29] - [2013-04-09 12:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2013-04-21 15:18] - [2013-03-02 10:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll
    [2013-04-21 15:11] - [2013-01-29 07:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

    C:\Program Files\Windows Defender\MsMpEng.exe
    [2013-04-21 15:11] - [2013-01-29 09:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
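The FSS log above is read by eye: two services stopped with a non-default start type, a "Disabled Policy" section that is not empty, and a handful of files FSS could not match against its MD5 list. As an added example (not from the thread or the FSS tool), here is a Python triage routine that pulls exactly those deviations out of a trimmed copy of the posted log; the regular expressions are assumptions based on the line shapes visible above.

```python
# Added example (not from the thread or the FSS tool): triage a Farbar Service Scanner
# log so non-default services, set "Disabled Policy" keys and unverified files are listed.
import re

# Trimmed excerpt of the FSS log posted above (Windows 8 x64), used as sample input.
SAMPLE_LOG = r"""Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-21 15:18] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
"""

START_TYPE = re.compile(r"The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
MD5_AT_END = re.compile(r"([0-9A-F]{32})\s*$")


def triage_fss(text: str) -> dict:
    """Collect (service, actual, default), (section, value, data) and (path, md5) deviations."""
    out = {"services": [], "policies": [], "unverified_files": []}
    lines, section = text.splitlines(), None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]             # e.g. "Windows Defender Disabled Policy"
            continue
        m = START_TYPE.match(line)
        if m and m.group(2) != m.group(3):  # start type differs from the OS default
            out["services"].append((m.group(1), m.group(2), m.group(3)))
        m = POLICY_VALUE.match(line)
        if m and section and section.endswith("Disabled Policy") and m.group(2) != "0":
            out["policies"].append((section, m.group(1), int(m.group(2))))
        if section == "File Check" and line[1:3] == ":\\" and "MD5 is legit" not in line:
            h = MD5_AT_END.search(nxt)      # FSS puts attributes and the MD5 on the next line
            out["unverified_files"].append((line, h.group(1) if h else None))
    return out
```

On Windows 8 a third-party antivirus such as the AVG shown in the checkup log normally turns Windows Defender off, so the two Defender findings are context for the analyst rather than verdicts, which is why the routine only lists them.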
  17. vekky

    vekky TS Rookie Topic Starter Posts: 34

    TFC Screen Caps

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Vivek
    ->Temp folder emptied: 1775028 bytes
    ->Temporary Internet Files folder emptied: 102198 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 125236421 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1894237 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 1109 bytes
    Process complete!

    Total Files Cleaned = 123.00 mb
     
  18. vekky

    vekky TS Rookie Topic Starter Posts: 34

    ESET Result

    Scanned Files: 196653
    Infected Files: 0
    Cleaned Files: 0
    Total Scan Time: 00:43:18
    Scan Status: Finished
     
  19. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  20. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Thank you very much for your help Broni. I'll definitely be recommending you and this site and will make a donation.

    One last quick question. What free antivirus would you recommend? I have been using AVG but am wondering whether I should change to something else.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    If you read #13 you'll see it really doesn't matter which AV program you use.
    There is no perfect security program and it's always about your computing habits.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    The issue seems to be resolved.
     
  23. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Yes, this issue has been resolved. Thank you for your help. The computer is doing well now and there are no signs of the trojan horse.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,019   +255
